package com.project.easy.common.framework.web.filter;

import com.project.easy.common.framework.auth.core.ITokenStore;
import com.project.easy.common.framework.auth.dto.TokenContext;
import  com.project.easy.common.util.collection.CollectionUtil;
import  com.project.easy.common.util.dto.ApiContextParam;
import  com.project.easy.common.util.dto.FilterDto;
import  com.project.easy.common.util.dto.UserInfo;
import  com.project.easy.common.util.enums.exception.AuthExceptionEnums;
import  com.project.easy.common.util.filter.WebAuthFilter;
import  com.project.easy.common.util.string.StringUtil;
import com.project.easy.common.framework.web.entity.dto.WebAuthFilterDto;
import com.project.easy.common.framework.web.exception.auth.AuthException;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Objects;

/**
* @Author: yangchao.cool
* @Date: 2022/7/19 22:52
 * Description: 权限认证
*/
@Component
public class AuthWebAuthFilter extends WebAuthFilter {

    @Autowired(required = false)
    private ITokenStore iTokenStore;

    /**
     * 过滤器执行方法
     *
     * @param request  请求
     * @param response 响应
     * @param param    参数
     * @return 返回结果
     */
    @Override
    public FilterDto doFilter(HttpServletRequest request, HttpServletResponse response, FilterDto param) {
        WebAuthFilterDto filterDto =  (WebAuthFilterDto) param;
        if (!Objects.isNull(filterDto.getAuthValidator()) && filterDto.getAuthValidator().hasToken()) {
            if (filterDto.getAuthValidator().hasAuth()
                    && (Objects.nonNull(((WebAuthFilterDto) param).getApiValidator())) && ((WebAuthFilterDto) param).getApiValidator().hasAuth()) {
                checkAuth(request, (WebAuthFilterDto) param, Boolean.TRUE);
            } else {
                checkAuth(request, (WebAuthFilterDto) param, Boolean.FALSE);

            }
        }
        return filterDto;
    }

    /**
     * 验证TOKEN
     * @param request 请求
     * @param filterDto  过滤参数
     * @param hasAuth  true 验证权限 false 不验证
     */
    private void checkAuth(HttpServletRequest request, WebAuthFilterDto filterDto, Boolean hasAuth) {
        String token = request.getHeader("token");
        Object[] args = filterDto.getPoint().getArgs();
        if (StringUtil.isBlank(token)) {
            throw  new AuthException(AuthExceptionEnums.TOKEN_BLANK.getCode(), AuthExceptionEnums.TOKEN_BLANK.getName());
        }
        if (!iTokenStore.validata(token)) {
            throw  new AuthException(AuthExceptionEnums.TOKEN_ILLEGAL.getCode(), AuthExceptionEnums.TOKEN_ILLEGAL.getName());
        }
        //设置参数
        TokenContext tokenContext = iTokenStore.queryUserInfo(token);
        if (Objects.isNull(tokenContext)) {
            throw  new AuthException(AuthExceptionEnums.TOKEN_ILLEGAL.getCode(), AuthExceptionEnums.TOKEN_ILLEGAL.getName());
        }
        UserInfo userInfo = new UserInfo();
        BeanUtils.copyProperties(tokenContext.getUserInfo(), userInfo, "auth", "function");
        //设置用户信息
        if (!CollectionUtil.isNull(args)) {
            for (Object arg : args) {
                if (arg instanceof ApiContextParam) {
                    ((ApiContextParam) arg).getPubHeader().setToken(token);
                    ((ApiContextParam) arg).setApiContextParamUserInfo(tokenContext.getUserInfo());
                }
            }
        }
        //验证权限
        if (hasAuth) {
            if (!tokenContext.getUserInfo().getFunction().contains(request.getRequestURI())) {
                throw  new AuthException(AuthExceptionEnums.NOT_AUTH.getCode(), AuthExceptionEnums.NOT_AUTH.getName());
            }
        }
    }
}
